The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-08-23T19:15:13Z

https://gitlab.torproject.org/tpo/web/snowflake/-/issues/4
Snowflake WebExtension Embed - Design / theme Customization and Code Migration
2023-08-23T19:15:13Z
Ashish Soni

1. **Design Customization:** Is it possible to manually enforce a light theme for the Snowflake extension's embedded content, overriding browser's default preferences irrespective of dark/light theme?
2. **Code Migration:** Also, do we need to migrate existing web extension code to the "web/snowflake" repository?

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41978
QR code in bridge cards should use a pointer on hover
2023-10-02T14:09:50Z
donuts

When hovering, bridge card QR codes may be displayed at a larger size in a dialog on click. Since this is a link, it should use the pointer instead of regular cursor on hover.

donuts

https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/200
Build system installer for Mullvad Browser on Windows
2024-03-26T16:07:58Z
richard

Currently Mullvad Browser inherits Tor Browser's portable-only installer on Windows. We should either:
1. Add support to existing installer to support portable OR system `%PROGRAMFILES%` installs
2. Create a second installer which can install to a system location, separate from the portable installer
3. Update existing installer to be a classic system installer and instead ship portable as a zip archive
Some things to consider:
- System installation requires Admin/Elevation privileges on Windows. NSIS installers can be built such that the elevation prompt happens automatically on launch, but this will likely/possibly prevent portable installation on systems on which the user does not have admin access (such as in library/university/corporate terminals). I don't know if you can conditionally elevate in an NSIS installer based on install location.
- A second installer to counter the previous constraint would work, but could cause user confusion
- Providing a zip bundle may make it easier for downstream package maintainers if any were to appear (eg for [chocolatey](https://chocolatey.org/))

Pier Angelo Vendrame

https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/156
add support for webtunnel bridges
2024-02-12T12:46:44Z
meskio <meskio@torproject.org>

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41817
Add more color aliases that take dark mode into account
2023-09-19T03:31:18Z
Pier Angelo Vendrame

We should add a few new aliases for our colors, e.g., `--purple-60` and `--purple-30`, to remove more media queries.
They're needed for example in the preferences (see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/660#note_2909188).
We already do it for `--tor-branding-color`, but it's tied to the release channel.

henry

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41811
Connect buttons in bridge modals should be purple
2024-01-30T22:03:42Z
donuts

`Connect` buttons are always purple in our UI, however all other confirmation buttons (e.g. "OK" and "Save") should remain the primary theme color.
See this Figma file for reference: [Figma link](https://www.figma.com/file/RS584DcR4emXrw1F8g3l5x/Tor-Browser-12.5?type=design&node-id=62%3A10116&t=BJbn9R4EgNRt9Tq3-1)

henry

https://gitlab.torproject.org/tpo/tpa/team/-/issues/41177
fix billing for joker.com domain names
2024-03-29T01:07:33Z
anarcat

It seems like our domain names have always been manually renewed, and then sent as expenses to be reimbursed to accounting. we recently realized this as we noticed `tor.network` was expiring. the domain was hosted outside of our normal joker.com account and has since been migrated there (#41148). we were mistakenly thinking this would solve the renewal issue, but we actually realized instead that none of our domains are actually configured to be automatically renewed and billed to accounting.
in #41148, have credited the joker.com account by 100$USD, without realizing that is actually problematic for accounting. @sue wants to figure out another way to pay for those domains, and this ticket aims at cleaning that up and regularizing the domain billing at Tor.
note that all domains are marked for autorenewal and `tor.network` *has* been renewed, so there is no more an ~Emergency for this, but it would still be nice to regularize billing.
/cc @susan

anarcat
2024-04-07

https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/156
For some website, i-dont-care-about-cookies.eu seems more efficient to block cookie banners
2023-08-26T05:59:58Z
ruihildt

Maybe we can consider adding this list too?
URL: https://www.i-dont-care-about-cookies.eu/abp/

ruihildt

https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/151
WebRTC leaks UDP traffic outside socks5 proxy
2024-02-21T13:20:46Z
ruihildt

- Connect to a socks5 proxy on port 1080 in your LAN that uses a different IP than your computer
- Create a room on meet.mullvad.net jitsi instance
- tcpdump on interface connected to internet and filter out port 1080
- observe UDP traffic to the remote jitsi meet peer
So this is not specific to Mullvad Browser, so not sure how/if we need to deal with it.

ma1

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/81
Snowflake is Off / WebRTC feature is not detected.
2023-04-23T10:27:21Z
cypherpunks

I've just installed Snowflake via Chrome and it's not working. Can you confirm the process has been followed correctly? What have I done wrong - or not done at all? Thanks.

https://gitlab.torproject.org/tpo/core/tor/-/issues/40735
[WARN] Tried connecting to router ... identity keys were not as expected
2023-11-14T16:59:05Z
cypherpunks

Background: Tor Browser 12.0, Tor 4.7.12, Windows 7, vanilla bridges.
Repeatedly getting the following log line.
```
[WARN] Tried connecting to router at *address* ID=<none> RSA_ID=*FP1*, but RSA + ed25519 identity keys were not as expected: wanted *FP1* + no ed25519 key but got *FP2* + *edFP*.
```
Ideas of what happened:
* MITM
* Bridge operator reinstalled it in-between me getting the bridge and now.
What is wrong:
* Bridge should be marked as unreachable: either it is not used already and connections are doomed to spend resources for nothing, or it should not be used as something is clearly wrong with it
* There should be a way to distinguish first idea from second - my best guess is building a tunneled directory connection to bridge authority and asking "Is there a bridge *FP2* and does it listen on *address*?"

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40700
provide the list of architectures as a json
2023-08-28T16:17:12Z
meskio <meskio@torproject.org>

Now that the downloads.json is split by architecture (#40254) it will be really useful for the consumers (like gettor) of those files to be able to retrieve the full list of architectures.

meskio <meskio@torproject.org>

https://gitlab.torproject.org/tpo/core/tor/-/issues/40686
SocksPort WorldWritable sets file mode to 755 instead of 666
2022-12-14T15:47:28Z
Jeremy Saklad <jeremy@saklad5.com>

### Summary
Unix domain sockets that are configured to be WorldWritable have incorrect permissions. Such sockets are unusable as a result, since write access is needed for clients to work.
### Steps to reproduce:
1. Use a configuration file with the following options, where `/usr/local/var/run/tor` is a directory with appropriate permissions:
```
SocksPort unix:/usr/local/var/run/tor/socks-group GroupWritable RelaxDirCheck
SocksPort unix:/usr/local/var/run/tor/socks-world WorldWritable
```
2. Run the following command to view their permissions:
```sh
stat /usr/local/var/run/tor/socks-group /usr/local/var/run/tor/socks-world
```
Note that listening on two sockets is **not** necessary to reproduce this bug: it merely makes it easier to see the difference.
### What is the current bug behavior?
Sockets with WorldWritable have the wrong permissions, in contrast to the correctly-implemented GroupWritable:
```
srw-rw---- /usr/local/var/run/tor/socks-group
srwxr-xr-x /usr/local/var/run/tor/socks-world
```
### What is the expected behavior?
```
srw-rw---- /usr/local/var/run/tor/socks-group
srw-rw-rw- /usr/local/var/run/tor/socks-world
```
### Environment
- Which version of Tor are you using? Run `tor --version` to get the version if you are unsure.
0.4.7.10
- Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.
macOS 12.6
- Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.
Homebrew
### Relevant logs and/or screenshots
N/A: even `Log debug` doesn't say anything beyond noting that a socket is successfully opened.
### Possible fixes
Investigate whether [this conditional statement](https://gitlab.torproject.org/tpo/core/tor/-/blob/28413e75605cc2d05a2a3e4c766bfbe0a47d848d/src/core/mainloop/connection.c#L1358-1362) is somehow causing an issue.

Tor: 0.4.8.x-freeze

https://gitlab.torproject.org/tpo/core/tor/-/issues/40677
Errors parsing descriptors
2022-10-31T20:42:12Z
Tom Ritter <tom@ritter.vg>

```
Sep 27 12:18:43.000 [notice] Bootstrapped 55% (loading_descriptors): Loading relay descriptors
Sep 27 12:18:43.000 [warn] Bad element "$E470DD7B0" while parsing a node family.
Sep 27 12:18:43.000 [warn] Bogus ed25519 key in microdesc
Sep 27 12:18:43.000 [warn] parse error: Malformed object: missing object end line
Sep 27 12:18:43.000 [warn] Unparseable microdescriptor found in download or generated string
Sep 27 12:18:43.000 [warn] Bad element "$B101B81F3CB7C284ADDF19CD" while parsing a node family.
Sep 27 12:18:43.000 [warn] Bad element "$AC249C56C11FDDFA9" while parsing a node family.
Sep 27 12:18:43.000 [warn] parse error: Malformed object: missing object end line
Sep 27 12:18:43.000 [warn] Unparseable microdescriptor found in download or generated string
Sep 27 12:18:43.000 [warn] Bogus ed25519 key in microdesc
Sep 27 12:18:43.000 [warn] parse error: Malformed object: missing object end line
Sep 27 12:18:43.000 [warn] Unparseable microdescriptor found in download or generated string
```
I'm running 0.4.7.8

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41112
Integrate cross-tab identity leak protection into Tor Browser with native UX
2024-03-27T14:39:06Z
donuts

In response to the potential for cache side channel attacks reported in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41071, @ma1 deployed [Cross-tab Identity Leak Protection](https://noscript.net/usage/#crosstab-identity-leak-protection) (or "TabGuard") in NoScript 11.4.8. However some users are finding the warning confusing, and/or are suffering from warning fatigue – e.g.:
```
<Jeremy_Rand_36C3[m]> So far at least 2 users in #tor have been very confused about the NoScript warnings that were recently added. One of them thought the warning meant his identity had already leaked, and panicked and shut off Tor Browser. Seems like we should ask the UX Team to evaluate how we can improve this, now that we have some breathing room since the vulnerability is mitigated.
<Jeremy_Rand_36C3[m]> One of the two users I noticed who was confused about the warning was one of my co-workers, who is very technically proficient, including about Tor, and even he couldn't understand what the warning was about, what triggered it, and what the correct course of action was
<Jeremy_Rand_36C3[m]> Then you have a less sophisticated user who thought the warning meant he was already pwned and panicked
<Jeremy_Rand_36C3[m]> I was hoping the UX Team might be able to evaluate how this warning can be better presented so that users don't get confused or make bad decisions when they see it
```
We're planning on integrating this feature into Tor Browser as part of the work to migrate the Security Level feature in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40925. We should take this opportunity to improve the UX in general, in addition to converting the feature into standard Tor Browser UI patterns.

ma1

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/21
Privacy policy
2023-12-07T20:38:42Z
micah <micah@torproject.org>

In order for an app to be uploaded to the Google Play Store, a privacy policy needs to be defined.
"Adding a privacy policy to your app's store listing helps provide transparency about how you treat sensitive user and device data.
The privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses, and shares user data. This includes the types of parties with whom it’s shared. You should consult your legal representative to advise you of what is required.
For apps that request access to sensitive permissions or data (as defined in the user data policies): You must link to a privacy policy on your app's store listing page and within your app. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy."

Sponsor 101 - Tor VPN Client for Android

Isabela Fernandes

https://gitlab.torproject.org/tpo/core/chutney/-/issues/40020
Not found error
2022-07-25T03:24:47Z
Pulkit Chandel

```
FileNotFoundError: [Errno 2] No such file or directory: '/home/eict/chutney/net/nodes.1657278323/006r/torrc'
```
Why am I getting this error? The file 006r was never made when I executed tor chutney command, then why is it looking for it? And how to solve it?

https://gitlab.torproject.org/tpo/core/torspec/-/issues/163
We should make HSv3 desc upload less frequent
2022-10-17T19:28:01Z
George Kadianakis

Without checking the source code right now, HSDirs are supposed to cache HS descriptors for the inscribed lifetime (3 hours), and HSv3s are supposed to upload descriptors at a random time between 1 and 2 hours (see `HS_SERVICE_NEXT_UPLOAD_TIME_MIN`).
This makes HSv3s upload descriptors more frequently than needed. For example, we could increase this to upload descriptors between 2 and 2.9 hours, to make HSv3s less intense on the network.
Someone should double check the above logic and make sure it won't cause issues, and implement it.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/157
hs: Do not allow more than one control cell on a circuit
2022-10-17T19:28:01Z
David Goulet <dgoulet@torproject.org>

This is the list of HS control cells, that is, they are all for establishing a circuit or/and "connection" between HS entities (IP, RP, Service, client):
```
RELAY_COMMAND_ESTABLISH_INTRO:
RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
RELAY_COMMAND_INTRODUCE1:
RELAY_COMMAND_INTRODUCE2:
RELAY_COMMAND_INTRODUCE_ACK:
RELAY_COMMAND_INTRO_ESTABLISHED:
RELAY_COMMAND_RENDEZVOUS1:
RELAY_COMMAND_RENDEZVOUS2:
RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
```
It appears that anyone can send an arbitrary amount of those cells on the same circuit. Even to the point that tor allows a rendezvous circuit to become an intro circuit.
The only special one is `INTRODUCE2`, which by design is sent a lot on the same circuit.
The only cell currently limited to 1 cell is `INTRODUCE1` since we do not allow multiple introductions on the same client circuit for DoS reasons.
But the rest should only be seen *once* on a circuit. Let's restrict them and if we see more, then we close the circuit due to a protocol error. This would limit side-channels.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/124
Authorities should cap relay consensus weight as a new consensus method
2022-07-18T17:54:03Z
teor

arma says on IRC:
```
armadev: teor4: is there a ticket for capping the total weight a given relay can get? i remember you mentioning that this should happen as a new consensus method, i.e. so the authorities actually collectively cap it, rather than relying on each vote individually to do it. i think that's a compelling idea.
```
I'm not sure if the cap should be the same across the network, or if it should be different based on each relay's MaxAdvertisedBandwidth.
If we want to base it on MaxAdvertisedBandwidth, we should also make MaxAdvertisedBandwidth a separate number in relay descriptor bandwidth lines, rather than combining it with bandwidth rate and bandwidth burst.